Yet another zero-day vulnerability recently reared its ugly head in the threat landscape. Discovered by Marco Giuliani at Prevx, the proof of concept (POC) shows that a vulnerable application programming interface (API) in Windows can be manipulated by changing its input to cause an overflow in the kernel that will allow arbitrary code to run in kernel mode. As proven in our internal testing, the POC described by the author is capable of elevating system privileges without the user’s knowledge even in more recent Windows OS versions that utilize user account control (UAC).

The timing of the POC’s release is particularly crucial, considering the upcoming Thanksgiving holidays. With users spending more time online in search of discounts and Black Friday deals, it may become easier for cybercriminals to spread malware exploiting the zero-day vulnerability. Users are thus advised to exercise caution when conducting their usual online activities.

Analysis and screenshot provided by threat analyst Edgardo Diaz, Jr.

Share this article

This entry was posted
on
Wednesday, November 24th, 2010
at
4:30 pm and is filed under
Bad Sites .
Both comments and pings are currently closed.

http://www.kernelmode.info AD

Hello,

Just so you know – the original proof-of-concept was discovered by a Chinese reverse-engineer by the name of Nooby and published on DebugMan.com. The thread has since been removed, however.